title | description | services | ms.subservice | ms.topic | ms.date | ms.custom |
---|---|---|---|---|---|---|
Configure machines to a desired state in Azure Automation |
This article tells how to configure machines to a desired state using Azure Automation State Configuration. |
automation |
dsc |
conceptual |
04/15/2021 |
devx-track-azurepowershell |
Azure Automation State Configuration allows you to specify configurations for your servers and ensure that those servers are in the specified state over time.
[!div class="checklist"]
- Onboard a VM to be managed by Azure Automation DSC
- Upload a configuration to Azure Automation
- Compile a configuration into a node configuration
- Assign a node configuration to a managed node
- Check the compliance status of a managed node
For this tutorial, we use a simple DSC configuration that ensures that IIS is installed on the VM.
- An Azure Automation account. To learn more about an Automation account and its requirements, see Automation Account authentication overview.
- An Azure Resource Manager VM (not classic) running Windows Server 2008 R2 or later. For instructions on creating a VM, see Create your first Windows virtual machine in the Azure portal.
- Azure PowerShell module version 3.6 or later. Run
Get-Module -ListAvailable Az
to find the version. If you need to upgrade, see Install Azure PowerShell module. - Familiarity with Desired State Configuration (DSC). For information about DSC, see Windows PowerShell Desired State Configuration Overview.
Azure Automation State Configuration supports the use of partial configurations. In this scenario, DSC is configured to manage multiple configurations independently, and each configuration is retrieved from Azure Automation. However, only one configuration can be assigned to a node per automation account. This means if you are using two configurations for a node you will require two Automation accounts.
For details about how to register a partial configuration from a pull service, see the documentation for partial configurations.
For more information about how teams can work together to collaboratively manage servers using configuration as code, see Understanding DSC's role in a CI/CD Pipeline.
Log in to your Azure subscription with the Connect-AzAccount cmdlet and follow the on-screen directions.
Connect-AzAccount
In a text editor, type the following and save it locally as TestConfig.ps1.
configuration TestConfig {
Node WebServer {
WindowsFeature IIS {
Ensure = 'Present'
Name = 'Web-Server'
IncludeAllSubFeature = $true
}
}
}
Note
In more advanced scenarios where you require multiple modules to be imported that provide DSC Resources,
make sure each module has a unique Import-DscResource
line in your configuration.
Call the Import-AzAutomationDscConfiguration cmdlet to upload the configuration into your Automation account.
Import-AzAutomationDscConfiguration -SourcePath 'C:\DscConfigs\TestConfig.ps1' -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount' -Published
A DSC configuration must be compiled into a node configuration before it can be assigned to a node. See DSC configurations.
Call the Start-AzAutomationDscCompilationJob cmdlet to compile the TestConfig
configuration into a node configuration named TestConfig.WebServer
in your Automation account.
Start-AzAutomationDscCompilationJob -ConfigurationName 'TestConfig' -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount'
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines. In this topic, we cover how to register only Azure Resource Manager VMs. For information about registering other types of machines, see Onboarding machines for management by Azure Automation State Configuration.
Call the Register-AzAutomationDscNode cmdlet to register your VM with Azure Automation State Configuration as a managed node.
Register-AzAutomationDscNode -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount' -AzureVMName 'DscVm'
Use the Register-AzAutomationDscNode cmdlet to register a VM as a managed node and specify configuration properties. For
example, you can specify that the state of the machine is to be applied only once by specifying ApplyOnly
as the value of the ConfigurationMode
property. State Configuration doesn't try to apply the configuration after the initial check.
Register-AzAutomationDscNode -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount' -AzureVMName 'DscVm' -ConfigurationMode 'ApplyOnly'
You can also specify how often DSC checks the configuration state by using the ConfigurationModeFrequencyMins
property. For more information about DSC configuration settings, see Configuring the Local Configuration Manager.
# Run a DSC check every 60 minutes
Register-AzAutomationDscNode -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount' -AzureVMName 'DscVm' -ConfigurationModeFrequencyMins 60
Now we can assign the compiled node configuration to the VM we want to configure.
# Get the ID of the DSC node
$node = Get-AzAutomationDscNode -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount' -Name 'DscVm'
# Assign the node configuration to the DSC node
Set-AzAutomationDscNode -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount' -NodeConfigurationName 'TestConfig.WebServer' -NodeId $node.Id
This assigns the node configuration named TestConfig.WebServer
to the registered DSC node DscVm
. By default, the DSC node is checked for compliance with the node configuration every 30 minutes. For information about how to change the compliance check interval, see
Configuring the Local Configuration Manager.
You can get reports on the compliance status of a managed node using the Get-AzAutomationDscNodeReport cmdlet.
# Get the ID of the DSC node
$node = Get-AzAutomationDscNode -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount' -Name 'DscVm'
# Get an array of status reports for the DSC node
$reports = Get-AzAutomationDscNodeReport -ResourceGroupName 'MyResourceGroup' -AutomationAccountName 'myAutomationAccount' -NodeId $node.Id
# Display the most recent report
$reports[0]
- To get started, see Get started with Azure Automation State Configuration.
- To learn how to enable nodes, see Enable Azure Automation State Configuration.
- To learn about compiling DSC configurations so that you can assign them to target nodes, see Compile DSC configurations in Azure Automation State Configuration.
- To see an example of using Azure Automation State Configuration in a continuous deployment pipeline, see Set up continuous deployment with Chocolatey.
- For pricing information, see Azure Automation State Configuration pricing.
- For a PowerShell cmdlet reference, see Az.Automation.